Log in redirect

Astrop0

Artist
I'm unsure on how to go about setting up a log in redirect, like, if a guest visits the site I would like every page to display some kind of message saying you're not logged in and have a button to login/register. right now logged in or not you can visit every page. 

I just really don't know how to go about this, I have tried googling but I haven't really found anything that i'm looking for. maybe i'm not searching the right thing?  

 
This is a very vague question.

The general idea is that you have a check on every page that searches for your user's account data, and then if no data is found or an error occurs you conditionally show a div that has a "You are not logged in" message and the links to log in or register. 

How you accomplish that will depend on what you're building your site in (PHP, JavaScript, ect.) 

 
It mainly works off php, would putting something that checks for the account info in the header work? also, i'm assuming a if statement could work for this? 

 
I'm pretty much a novice in PHP, but maybe this can help. 

Conditionally Checking the Session

if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
echo "Welcome to the member's area, " . $_SESSION['username'] . "!";
} else {
echo "Please log in first to see this page.";
}


Here's another more complete example from Github.  

 
It would be better to do an actual redirect to a must be logged in page of some sort than to just echo stuff out. Will be more flexible log term.

You can do redirects in php with header() (make sure you use die() or exit() after the header call), however, you need to do the redirect before you output anything else, or it won't work. I recommend having it in a config file of some sort that you can easily require on every page that can check if the current page should require authentication, and if so, if not authenticated redirect. 

Make the 'should require authentication' a function as well as the 'is authenticated' a function and that will simply the logic for you. 

Then you can do something like this (just to give you the idea)

if (thisPageRequiresAuthentication && !isAuthenticated) {

header("Location: http://domain.com/mustlogin.php");
die();

}


Header From PHP manual,

https://www.php.net/manual/en/function.header.php

And stackoverflow example using header, the first question seems extensive,

https://stackoverflow.com/questions/768431/how-do-i-make-a-redirect-in-php

To develop the thisPageRequiresAuthentication function there are different options, just depends what you want and what you already are using. In a lot of cases, such as if you were using a framework or a routing engine, then you'd likely handle it a little differently, but a simple solution assuming you are not doing that but are still just learning would be to just have a list of page names that don't need to be authenticated (or a list that does whitelist vs blacklist) and compare the current page being requested to that list to determine if it's need authenticated. 

 
Back
Top